stackoom
  简体   繁体   中英

Docker private registry

 原文  2014-12-10 16:44:58       ubuntu/ docker

Question

On a virtual server ubuntu 14.04 I have installed docker and I try to push to a local registry an image. I followed this guide on the Docker blog but when I try to push the image I have this output:

Error: Invalid registry endpoint https://xx.xx.xx.xx/v1/ : Get https://xx.xx.xx.xx/v1/_ping : x509: certificate has expired or is not yet valid. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry xx.xx.xx.xx to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/xx.xx.xx.xx/ca.crt

I try to add --insecure-registry xx.xx.xx.xx in /etc/default/docker file and restart docker service. Docker fails to start with message /proc/self/fd/9: 17: /etc/default/docker: --insecure-registry: not found .

PS: I run my registry in a docker container

4 answers

solution1
 7  2015-02-08 10:16:56

I had the same problem with Ubuntu 12.04 and Docker 1.4.1. Here is my solution: 

$ sudo docker push "[host:ip:v6:addr:ess:is:here]:5000/myImage"
FATA[0002] Error: Invalid registry endpoint https://[host:ip:v6:addr:ess:is:here]:5000/v1/: Get https://[host:ip:v6:addr:ess:is:here]:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry [host:ip:v6:addr:ess:is:here]:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/[host:ip:v6:addr:ess:is:here]:5000/ca.crt

So, I have an error. 

$ ps axwww | grep /usr/bin/docker
14655 ?        Ssl    2:06 /usr/bin/docker -d
14869 pts/0    S+     0:00 grep /usr/bin/docker

Notice, that there is no extra arguments to /usr/bin/docker. 

$ echo 'DOCKER_OPTS="--insecure-registry [host:ip:v6:addr:ess:is:here]:5000"' | sudo tee -a /etc/default/docker
DOCKER_OPTS="--insecure-registry [host:ip:v6:addr:ess:is:here]:5000"
$ sudo service docker restart
docker stop/waiting
docker start/running, process 15615

Let's check if arguments appeared: 

$ ps axwww | grep /usr/bin/docker
15615 ?        Ssl    0:00 /usr/bin/docker -d --insecure-registry [host:ip:v6:addr:ess:is:here]:5000
15663 pts/0    S+     0:00 grep /usr/bin/docker

Yes, they do. One more attempt: 

$ sudo docker push "[host:ip:v6:addr:ess:is:here]:5000/myImage"
The push refers to a repository [[host:ip:v6:addr:ess:is:here]:5000/myImage] (len: 1)
Sending image list
Pushing repository [host:ip:v6:addr:ess:is:here]:5000/myImage (1 tags)
511136ea3c5a: Image successfully pushed 
27d47432a69b: Pushing [================================================>  ] 189.8 MB/197.2 MB 0

solution2
 2  2016-02-29 14:10:27

simply running this docker run -p 5000:5000 -d registry will get you in to trouble with https.

I found this tutorial helpful : How To Set Up a Private Docker Registry on Ubuntu 14.04

It basically sets up a reverse proxy with nginx to access the private registry. I have 1 vagrant box with the registry and a different vagrant box pulling stuff from this registry. It works :)

Hope that helps

solution3
 0  2014-12-14 09:50:59

Setting up the docker registry directly on a host is quite frustrating. The easiest way to setup a local docker repository is to use the docker-registry docker image. Simply execute 

docker run -p 5000:5000 -d registry

and docker should download the official docker registry image. After that you can attach to container and customize the setup. Source: http://www.devops-insight.com/2014/12/using-private-docker-repository-registry.html

solution4
 0  2018-03-22 07:21:05

In the host 

  1- install docker machin
      curl -L https://github.com/docker/machine/releases/download/v0.14.0/docker-machine-`uname -s`-`uname -m` >/tmp/docker-machine && \
      sudo install /tmp/docker-machine /usr/local/bin/docker-machine
  2- Remove any proxy entry in /etc/systemd/system/docker.....
  3- Edit the daemon.json file, whose default location is /etc/docker/daemon.json
      {
      "insecure-registries" : ["myregistrydomain.com:5000"]
      }
  4- Generate crt: 
      $mkdir -p certs
      $openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
      Be sure to use the same name myregistrydomain.com as a CN.
      Copy the domain.crt file to /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt on every Docker host. You do not need to restart Docker.

  5- pull registry image from docker hub 
      docker run -p 5000:5000 --name myregistry registry

In the client 

  1- Remove any proxy entry in /etc/systemd/system/docker.....
  2- Edit the daemon.json file, whose default location is /etc/docker/daemon.json
      {
      "insecure-registries" : ["myregistrydomain.com:5000"]
      }

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Docker private registry can't find tags when pulling lookup registry-1.docker.io: no such host Docker - push from dockerhub to trusted registry? Adding private ssh key to docker Docker doesn't download images (connection problems to registry) Can't push/pull from local docker registry Trouble running docker registry in insecure mode on Ubuntu 16.04 How do I access a docker insecure registry from a Windows docker on Windows 10 machine? Can't Authenticate on Ubuntu Docker Droplet for docker pull registry (Digital Ocean) docker hint: Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate is valid for
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM